# Minijail Seccomp Policy for isolated_app processes on X86-64.

access: return EPERM

# arch_prctl: arg0 == ARCH_SET_GS
arch_prctl: arg0 == 0x1001; return EPERM

chmod: return EPERM
chown: return EPERM
creat: return EPERM
dup2: 1
epoll_create: 1
epoll_wait: 1
fork: return EPERM
fstatfs: 1
futimesat: return EPERM
getdents64: 1
getdents: return EPERM
getrlimit: 1
ioperm: return EPERM
iopl: return EPERM
lchown: return EPERM
link: return EPERM
lstat: return EPERM
mkdir: return EPERM
mknod: return EPERM

# mmap: flags in {MAP_SHARED|MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK|MAP_NORESERVE|MAP_FIXED|MAP_DENYWRITE}
mmap: arg3 in 0x24833

newfstatat: 1
open: 1
pause: 1
pipe: 1
poll: 1
readlink: return EPERM
rename: return EPERM
rmdir: return EPERM
select: 1
stat: return EPERM
symlink: return EPERM
time: 1
unlink: return EPERM
uselib: return EPERM
ustat: return EPERM
utime: return EPERM
utimes: return EPERM